Details

Underscores in any text being passed to SQL strings have their undersocres (_) escaped with a backslash.

I can't remember why we did this. The function FNopm_CleanSQLString in dataman.pas escapes backslashes, single quotes and percent symbols. Also, it deletes tabs and backspaces, and also convert double-quotes to double single-quotes, LF and CR to escaped representations. All this to secure the interface against SQL injection.